Partner I Solution Brief

Cisco Systems Chooses Net Optics Director xStream Pro™
and HD8™ Taps to Demonstrate MACsec Security Protocol
When Cisco needed to showcase their newest Borderless Network capabilities and demonstrate MACsec
technology at work, they looked to Net Optics. Director xStream Pro generates live statistics from any network
segment even at ultra-high data volumes. Since downtime isn’t an option, they chose the HD8 Fiber Tap for its
ability to deliver full-duplex monitoring of 10G networks without introducing a point of failure.
Vulnerability at the access edge is one of today’s most urgent security challenges.
Now, in a convincing demonstration at the 2011 Cisco Live trade show, Cisco
used its own switches, along with Net Optics’ Director xStream Pro and
High-Density HD8 Fiber Taps, to show how its MACsec technology is vital
to protecting data in motion by maintaining data encryption and integrity in
the LAN. The demo contrasts the vulnerability of data traveling between
network switches—both with and without MACsec.

What is MACsec?

MACsec refers to the capability of encrypting data
communications between a switch and any attached
device—most importantly communication on wired
LANs. MACsec (MAC for Media Access Control; sec for
security) is the brainchild of the Institute of Electrical
and Electronics Engineers (IEEE). Known as Security
Standard 802.1AE, MACsec is the industry’s new best
practice for ensuring data integrity when it comes to
independent media access. MACsec is designed to
be deployed in conjunction with traditional, higher-level
encryption protocols such as Secure Sockets
Layer (SSL) and Secure Shell (SSH) to enhance
security on LANs.

Today, authentication alone cannot guarantee the safety of LAN data. Although
physical security and end-user awareness remain important, many instances and
locations (for example, remote offices and public access) demand greater LAN
fortification. One of the promising answers is MAC Security, or MACsec—part of
the Borderless Network Integrated Security Features providing superior layer 2
defense against man-in-the-middle attacks such as MAC, IP, and ARP spoofing.

Net Optics Solutions Help Validate and Dramatize the Necessity
of MACsec to Cisco Live Visitors

To show how its IOS MACsec software defends LAN data integrity, Cisco used
its 6500 Switches, employing Cisco Protocol for MACsec-based wire-rate
hop-to-hop layer 2 encryption. MACsec’s layer 2 capabilities can identify and block
most threats that come from behind the firewall (also known as insider threats).
Also used in the demo are the Cisco Catalyst 3500 and Catalyst 4500 family of
switches. By using Director xStream Pro, it is possible to demonstrate encryption
compliance and validate the proper deployment. The 3500, which does not
incorporate MACsec, enables contrasting of encrypted and unencrypted data—
the main point of the demonstration.

How does MACsec bolster Borderless
Network security?

Used between LAN endpoints, MACsec enables each
packet on the wire to be encrypted via symmetric
key cryptography. As a result, communications
cannot be monitored or altered anywhere on the
wire; nor can anyone directly intercept traffic on the
line that data travels on. MACsec is one of the most
significant advances in network security, enabling
confidentiality and identity-based access control at
the network edge.

Cisco Live Demo, Tapping Traffic Between Cisco Switches With and Without MACsec, Shows Its Dramatic Impact on Security
[Diagram labels: Cisco 6500 Series Switch (WS-C6504-E, three units); Net Optics 10G Fiber Tap HD8; Cisco 3500 Series Switch (unit labelled CATALYST 3550); Net Optics Director xStream Pro. Legend: MACsec Encrypted Traffic; Unencrypted Traffic.]

Cisco and Net Optics in Action at Cisco Live 2011: The diagram shows Cisco 6500 switches across the top, using MACsec technology to encrypt
Layer 2 traffic between Cisco’s own devices. Initially, traffic is unencrypted, with Cisco then creating a tunnel to perform the encryption. The dashed
lines represent encrypted traffic. The solid lines represent unencrypted traffic. This makes the point that without MACsec technology, this traffic
remains unencrypted and vulnerable to intrusion and compromise.

Cisco chose the compact Net Optics HD8 Fiber Tap for its ability to deliver
full-duplex monitoring of 10 GigaBit networks with 100 percent traffic
visibility, including layer 1 and 2 errors. Requiring no power, the Net Optics
Tap integrates smoothly with Cisco products and maintains permanent
access ports for monitoring tools without introducing a point of failure or
interfering with network connections.

The newest in Net Optics’ arsenal of security solutions, Director xStream Pro
is a high-performance engine purpose-built for the demands of the 10G
environment. Cisco needed Director xStream Pro’s ability to generate and
make visible live statistics coming from the switches. Its ability to handle
ultra-high data volumes was also important for purposes of the demo.

“We chose their Director xStream Pro and
HD8 Fiber Taps because we felt they would
offer us the support needed to show the value
of our newest MACsec technology: This is your
LAN with MACSec—and without it,” says a
Cisco Technical Marketing Engineer.

MACsec and Director xStream Pro Work Together
as a Permanent Compliance Solution
The ability of Director xStream Pro to capture, display, and document the
encryption of LAN traffic is a major benefit to companies challenged with
regulatory compliance. Director xStream Pro not only verifies that traffic
is encrypted, it allows export of statistics into spreadsheets and other
documentation—easing compliance verification for auditing purposes. In
addition, Director xStream Pro alerts and exposes in real time any problems
that might arise with MACsec encryption, allowing users to take instant
action and protecting the value of the MACsec investment.

[Screenshot legend: MACsec Encrypted Data Stream; Unencrypted Data Stream]

Net Optics Helps Cisco Put the Proof Before Viewers’ Eyes
With MACsec-enabled devices, packets are encrypted on exiting the
transmitting device and decrypted on entering the receiving device. They
are “in the clear” only within the respective devices. Once the Net Optics
HD8 Taps have passively gathered data on the connections, the demo sends
data transmissions from the Taps to Director xStream Pro, which collects and
displays it clearly in its user interface.
Watching the encrypted traffic, viewers can see that traffic is there, but
they cannot tell what type it is—whether it is Web traffic, VoIP, video, IPv4
or IPv6, PCP, TCP, UDP or ARP. This proves that the MACsec security function
is working. Traffic emanating from the 3500 device, which lacks MACsec
technology, clearly reveals its types and protocols—and even its payload
contents if it is not using a higher-level encryption protocol such as SSL
or SSH. The demo shows how MACsec software protects the network
from inside—and Director xStream Pro can also reveal the payload. With
encryption and decryption performed locally, it is easier to deploy IT insertion
points for IDSs, anti-virus protection, load balancing and traffic management.
MACsec’s strong encryption at layer 2 also supports data confidentiality,
while integrity checking helps assure that no data modification takes place
during transit.
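
The check described above, as an added example that is not part of the original brief and is not Net Optics or Cisco code: it classifies frames copied from a tap as MACsec-protected (EtherType 0x88E5, the IEEE 802.1AE SecTAG) or cleartext, and lists what an observer can still identify. It goes slightly beyond the demo by also flagging integrity-only MACsec frames, whose payload stays readable. Function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

MACSEC_ETHERTYPE = 0x88E5   # IEEE 802.1AE
VLAN_ETHERTYPE = 0x8100     # IEEE 802.1Q tag
L3_NAMES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}
L4_NAMES = {6: "TCP", 17: "UDP"}


def parse_sectag(body):
    """Parse the SecTAG that follows the 0x88E5 EtherType."""
    if len(body) < 6:
        raise ValueError("truncated SecTAG")
    tci_an = body[0]                      # V|ES|SC|SCB|E|C|AN(2 bits)
    (pn,) = struct.unpack("!I", body[2:6])
    has_sci = bool(tci_an & 0x20)         # SC bit: explicit 8-byte SCI follows
    if has_sci and len(body) < 14:
        raise ValueError("truncated SCI")
    return {
        "encrypted": bool(tci_an & 0x08),  # E bit: user data is encrypted
        "an": tci_an & 0x03,               # association number
        "pn": pn,                          # packet number (replay protection)
        "sci": body[6:14].hex() if has_sci else None,
        "length": 14 if has_sci else 6,
    }


def describe_payload(ethertype, payload):
    """Name the protocols an observer can read from a cleartext payload."""
    name = L3_NAMES.get(ethertype, "ethertype 0x%04x" % ethertype)
    if ethertype == 0x0800 and len(payload) >= 20:
        name += "/" + L4_NAMES.get(payload[9], "proto %d" % payload[9])
    elif ethertype == 0x86DD and len(payload) >= 40:
        name += "/" + L4_NAMES.get(payload[6], "next-header %d" % payload[6])
    return name


def classify_frame(frame):
    """Return what a passive tap can learn from one Ethernet frame."""
    if len(frame) < 14:
        return {"macsec": False, "confidential": False, "visible": "runt"}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    body = frame[14:]
    if ethertype == VLAN_ETHERTYPE and len(body) >= 4:   # skip one VLAN tag
        (ethertype,) = struct.unpack("!H", body[2:4])
        body = body[4:]
    if ethertype != MACSEC_ETHERTYPE:
        return {"macsec": False, "confidential": False,
                "visible": describe_payload(ethertype, body)}
    try:
        tag = parse_sectag(body)
    except ValueError:
        return {"macsec": True, "confidential": False, "visible": "malformed SecTAG"}
    if tag["encrypted"]:
        # Inner EtherType and payload are ciphertext: the type cannot be told.
        return {"macsec": True, "confidential": True, "visible": "hidden"}
    inner = body[tag["length"]:]
    if len(inner) < 2:
        return {"macsec": True, "confidential": False, "visible": "unknown"}
    (inner_type,) = struct.unpack("!H", inner[:2])
    # Integrity-only MACsec: ICV protects the frame but the payload is readable.
    return {"macsec": True, "confidential": False,
            "visible": describe_payload(inner_type, inner[2:])}


def audit_link(frames):
    """Count visible traffic types and list frame indexes lacking confidentiality."""
    seen, violations = Counter(), []
    for index, frame in enumerate(frames):
        result = classify_frame(frame)
        seen[result["visible"]] += 1
        if not result["confidential"]:
            violations.append(index)
    return seen, violations


# --- constructed sample frames (documentation MAC/IP ranges, no real capture) ---
_DST, _SRC = b"\x00\x00\x5e\x00\x53\x01", b"\x00\x00\x5e\x00\x53\x02"

def _eth(ethertype, payload):
    return _DST + _SRC + struct.pack("!H", ethertype) + payload

def _ipv4(proto):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def _sectag(tci_an, pn):
    sci = _SRC + b"\x00\x01" if tci_an & 0x20 else b""
    return bytes([tci_an, 0]) + struct.pack("!I", pn) + sci

SAMPLE_FRAMES = [
    _eth(MACSEC_ETHERTYPE, _sectag(0x2C, 1) + bytes(range(48)) + bytes(16)),  # encrypted
    _eth(MACSEC_ETHERTYPE, _sectag(0x20, 2) + struct.pack("!H", 0x0800)
         + _ipv4(6) + bytes(16)),                                            # integrity only
    _eth(0x0800, _ipv4(17)),                                                 # cleartext UDP
    _eth(0x0806, bytes(28)),                                                 # cleartext ARP
]

if __name__ == "__main__":
    counts, bad = audit_link(SAMPLE_FRAMES)
    print(dict(counts), "frames without confidentiality:", bad)
```
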

Summary
Net Optics Taps and Director xStream Pro are helping Cisco offer irrefutable
proof that the MACsec-enabled software in its switches helps secure a
network from the inside on a hop-by-hop basis. MACsec also enables each
hop to act as an IT insertion point for security purposes. Using MACsec, IT
departments can now monitor and inspect internal LAN traffic. This capability
is fundamental to Cisco’s Borderless Security Architecture, part of the
Borderless Network vision. Now, Net Optics TAPs and Director xStream Pro are
helping Cisco prove how vital MACsec is to the confidentiality and integrity of
the LAN.

Net Optics Director xStream Pro’s Live Data
Statistics feature enables Cisco to demonstrate
the secure exchange of data between switches.
As shown in the illustration, Director xStream Pro’s
GUI makes the contrast between MACsec encryption
and unencrypted data dramatically visible. The
display shows encrypted traffic as unreadable,
while unencrypted traffic types are easily identified.
Director xStream Pro’s Live Data Statistics capability
also lets users import statistics into a SQL database
or spreadsheet for compliance support and instant
insight into network status and health.

5303 Betsy Ross Drive
Santa Clara, CA 95054
Tel: +1 (408) 737-7777
www.netoptics.com
Net Optics® is a registered trademark of Net Optics, an Ixia company.
Copyright 1996-2013 Net Optics, an Ixia company. All rights reserved.
Additional company and product names may be trademarks or registered
trademarks of the individual companies and are respectfully acknowledged.
